Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VLAN on LAGG, with HA (CARP), both nodes show Master for each VLAN

    HA/CARP/VIPs
    2
    4
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nicholfd
      last edited by

      I have a HA cluster of SG-4860's (network diagram attached).  Physical ports LAN (igb0) & OPT 1 (igb2) are part of a LAGG (LAGG0).  I have 2 x VLANs assigned to LAGG0 - 128 (LLAN) & 132 (ENG).  The VLANs have single IPs on them - LLAN:10.128.0.2 & 3, ENG:10.128.0.2 & 3 for node 1 & node 2, respectively.  CARP VIPs are 10.128.0.1 for LLAN & 10.132.0.1 for ENG.

      I have CARP setup & working properly for the WAN (igb1) port & MGT (igb3) port (no LAGG or VLANs involved).

      It consistently comes up in this mode.  I've tried blowing away the interfaces, VLANs LAGG to start from scratch, and it still comes up constantly in this manner.

      Anyone have any ideas?  What else can I provide or look at to troubleshoot this?

      Thanks in advance,
      Frank
      ![USNDC Network Diagram.png](/public/imported_attachments/1/USNDC Network Diagram.png)
      ![USNDC Network Diagram.png_thumb](/public/imported_attachments/1/USNDC Network Diagram.png_thumb)
      ![Node 1 CARP Status.png](/public/imported_attachments/1/Node 1 CARP Status.png)
      ![Node 1 CARP Status.png_thumb](/public/imported_attachments/1/Node 1 CARP Status.png_thumb)
      ![Node 2 CARP Status.png](/public/imported_attachments/1/Node 2 CARP Status.png)
      ![Node 2 CARP Status.png_thumb](/public/imported_attachments/1/Node 2 CARP Status.png_thumb)

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Dual master means the CARP advertisements aren't making it from the primary to the secondary on the interfaces in question. Often because of a complete lack of network connectivity between them on those networks, but at a minimum, the CARP multicast not making it through.

        1 Reply Last reply Reply Quote 0
        • N
          nicholfd
          last edited by

          @cmb:

          Dual master means the CARP advertisements aren't making it from the primary to the secondary on the interfaces in question.

          Thanks for the reply.  "Interfaces in question" refers to the VLAN interfaces?

          On the switch stack, I'm having a challenge bringing the LAGG group up. The switch stack shows the LAGG switch ports as "Blocked".  Also on the switch stack, the ports in the LAGG show shutdown by LACP.  This might explain the pfSence status under CARP.  I'll try to get the switch stack LAGG issue worked out and post an update.

          So, does CARP/HA apply individually to each individual interface, rather than the the entire other cluster node?  If so, I like this, but I expected the HA cluster features to be an all or nothing type of failover for a cluster.  I would have expected the cluster to talk via the SYNC interface to pick a winner for each interface (VLAN in my case). So I guess that's not how it works?

          Thanks,
          Frank

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            That explains it. CARP works on every interface where a CARP VIP exists, not the sync interface. They'll switch over completely where the secondary knows it needs to take over and the primary sees that fact, but they have to be able to communicate on all the VLANs and interfaces for that to function.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.